Malicious computer software, or malware (including viruses, worms, rootkits, trojan horses, spyware and so forth), continues to evolve. As malware becomes more sophisticated, it becomes more difficult to remove from an infected computer system. For example, some malware may be able to change operating system components, malware scanning programs, signatures and so forth to avoid detection by antimalware protection products.
One existing antimalware tool allows the user to boot to an alternate, safe “offline” operating system, e.g., from a DVD-ROM, CD-ROM, USB drive or other media. From this alternate operating system, an offline antimalware tool scans the various host environment-accessible files (e.g., on the hard drive) while the host operating system is not running, and cleans or removes any detected malware files. Because the likely infected host operating system is not running, any infecting malware code is also not running, so the infecting programs cannot conceal themselves. This makes it much easier for the offline tool to detect and clean infections.
While this offline scanning tool works very well, it has some limitations. For one, there is no communication between the offline tool and any online antimalware product that is installed, which may be confusing to the user and may lead to the offline product not being used appropriately. For another, there is typically no network access while in the offline scanning state, which means that the user is responsible for separately transferring data such as antimalware signatures between a network (e.g., the internet) and the media accessible to the offline components. Any improvements to antimalware scanning for malware detection and protection are desirable.